Anti-Virus alone won’t protect your business

James Dempsey, Owner/Partner of ITSolutions|Currie, continues a series of articles in the Central Valley Business Journal. Here is a preview of the fifth installment.

Let me be direct – your antivirus software will not fully protect you from cybercriminals. The misconception that running recently purchased, popular antivirus software will safeguard you is patently wrong. Please don’t misunderstand: antivirus protection is essential, and you need what protection it does offer. Unfortunately, the protection provided is often significantly less than most people realize, which is why so many people using antivirus software find themselves with malware-infected computers.

The term “antivirus” is actually a little misleading. Antivirus programs have evolved into antimalware and security applications. Today, we are defending ourselves against organized cybercriminals who are attempting to install malicious software (malware) onto computers in order to steal information or attack other computers. There is more money to be made through this type of criminal activity than almost any other, and the methods used by hackers have become multifaceted and highly sophisticated – so sophisticated that it has not been possible for antivirus companies to keep up.

It turns out that the most exploitable security flaw on most computers is the loose nut behind the keyboard – you. “Socially-engineered malware” represents the single largest number of current malware attacks. These attacks work by tricking users into downloading and running malicious software from the internet: utilities, movies, video codecs, screensavers, etc. Cybercriminals have discovered that it is easier to trick you into consensually installing malicious software (disguised as something warm and fuzzy) than it is to identify and exploit software security flaws on your computer. Moreover, this methodology works regardless of your operating system: Microsoft, Apple, Android – they are all vulnerable if you yourself install the malicious software.

Antivirus software is supposed to protect us from this type of trickery, but not all software is created equal. Indeed, a recent study by NSS Labs showed that AVG, a popular antivirus application, blocked as little as 54.8% of the attacks, with the best performer, Trend Micro, stopping 90.1%. Using this attack, cybercriminals have a 10%-45% chance of completely bypassing your protection without triggering alarms, depending on your security software.

The statistics become more alarming if the hackers are leveraging “exploits”, the second most common attack. Software developers regularly discover flaws in their coding. Since cybercriminals can exploit these flaws to secretly install malware, developers regularly distribute software patches in order to correct the vulnerabilities. If an unpatched computer visits a malicious website, the website can exploit the unpatched software to “deliver its payload” – malware. In this situation, the user isn’t even aware that software has secretly been installed; they simply had to browse the internet with an unpatched computer. Nor was it necessary for the user to visit “seedy” places on the internet. There are numerous examples of hackers hijacking legitimate websites specifically for these purposes.

Again, antivirus software is supposed to protect us from these types of attacks, but the statistics for successful exploit protection are even worse than for socially-engineered malware. Here, the NSS Labs report shows that even the most successful protection (F-Secure and Kaspersky tied) stopped less than 75% of the attacks, with most tested products stopping less than 50%! Cybercriminals leveraging software exploits would have a 25% to 97% chance of success, depending on your protection.

As computer users, we are far from helpless, but we need to understand how to defend ourselves. In truth, we need multiple layers of protection. No single tool will suffice. The antivirus industry has, unfortunately, created a false sense of security for most people. Their users’ expectations exceed what the products are capable of providing on their own.

One of the simplest ways to protect yourself against hackers leveraging exploits is to apply software patches. When the Microsoft shield icon pops up (in the lower right-hand corner of your screen, by the clock) saying there are patches to install, they aren’t kidding. When Adobe, Java, or Apple indicates that updates are available, you need to install them. Software patching is one of the most neglected areas of computer maintenance.

Given that socially-engineered malware works by tricking people, the best defense is education and an ever-vigilant and defensive stance. If you are not familiar with the developer of software you are downloading and installing, be wary. Read reviews and stick to popular software downloading sites. Know that cybercriminals leverage peer-to-peer file sharing programs (such as LimeWire) and social media sites (such as Facebook) heavily. Be cautious about what you download using these mediums.

Businesses should utilize web blocking tools to prevent their employees from visiting inappropriate websites, accidentally or otherwise. Aside from the obvious, inappropriate websites might include Facebook, MySpace, and personal web mail sites. Peer-to-peer applications and internet proxy sites would also be blocked. Properly designed, a web blocker can be discriminating. Educated users employing Facebook for business social media purposes can be allowed while almost everyone else is blocked.

Once cybercriminals have successfully penetrated your defenses, weeding them out can be difficult. Be proactive about protecting yourself. Use antivirus software, but do not trust it as your primary defense. Use it, rather, as a safety net for anything that slips past you and your fully patched computer.